My relatively new GW is at 86.146.55.101I am keen to know what rules to apply when its agreed on.As it is I have blocked all china IP's as i was getting A LOT of connection attempts. Marc
On Thursday, 20 April 2017, 15:48, Brian Kantor Brian@UCSD.Edu wrote:
(Please trim inclusions from previous messages) _______________________________________________ In analyzing the log, it's pretty clear that before I started filtering these packets out, amprgw was being used to attack hosts all over the Internet from a huge list of spoofed packet outer source addresses.
New firewall rules require that incoming proto-4 packets have to have an outer source address of one of the registered gateways, and forwarding rules require the inner source address to be on network 44 and on the list of registered hosts. This should help some.
Given those rules, the following gateways have been attempting to send encap packets with non-44 inner source addresses:
23.30.150.141 24.55.194.111 24.147.182.8 24.215.95.200 24.229.88.253 59.167.198.158 67.164.64.8 77.138.34.39 85.186.143.52 85.234.252.133 87.105.249.51 87.251.250.110 91.121.90.186 * 104.49.12.130 104.238.183.161
* this one has been doing it a lot
If people who operate these gateways could look into why they're doing this it would be appreciated. - Brian
On Thu, Apr 20, 2017 at 05:50:41AM +0000, R P wrote:
May you provide a list of all these gateways you see ? so that their maintainers will be aware and fix the problem ? I hope one of them is not myn ....
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net